<p><strong>Change Password in Active Directory using LDAP/PHP/IIS/SSL</strong></p>
<p>First of all, this may be less of a programming question and more of a "how do I configure LDAPS" question, but here goes...</p>
<p><strong>Background Info:</strong></p>
<p>I have two Windows 2008 R2 servers. One is a domain controller (DC) with Active Directory (AD) that I want to communicate with via LDAP. This one is named TestBox.TestDomain.local. The other server is running IIS, PHP (with ldap and openssl), and MySQL.</p>
<p><strong>What is/isn't working:</strong></p>
<p>I can successfully connect to the DC unsecured over port 389 and read/write data to AD. What I can't do is change or set user passwords, since this requires a secure connection using LDAPS (LDAP w/ SSL) over port 636.</p>
<p><strong>What I need help with:</strong></p>
<p>I have tried installing Active Directory Certificate Services (AD CS) and configuring the DC to act as a Certificate Authority (CA) using the information found here: <a href="http://technet.microsoft.com/en-us/library/cc770357(WS.10).aspx" rel="nofollow">http://technet.microsoft.com/en-us/library/cc770357(WS.10).aspx</a>, but no matter what I try I can't get a connection over LDAPS to work.</p>
<p><strong>Sample Code:</strong></p>
<p>Creating the LDAP Connection</p>
<pre><code>function ldapConnect(){
    $ip = "100.200.300.400"; // WAN IP goes here
    $ldap_url = "ldap://$ip";
    $ldaps_url = "ldaps://$ip";
    $ldap_domain = 'testdomain.local';
    $ldap_dn = "dc=testdomain,dc=local";

    // Unsecure - WORKS
    $ldap_conn = ldap_connect( $ldap_url ) or die("Could not connect to LDAP server ($ldap_url)");
    //alternate connection method
    //$ldap_conn=ldap_connect( $ip, 389 ) or die("Could not connect to LDAP server (IP: $ip, PORT: 389)");

    // Secure - DOESN'T WORK
    //$ldap_conn = ldap_connect( $ldaps_url ) or die("Could not connect to LDAP server ($ldaps_url)");
    //alternate connection method
    //$ldap_conn=ldap_connect( $ip, 636 ) or die("Could not connect to LDAP server (IP: $ip, PORT: 636)");

    // options are set on the connection handle returned above
    ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

    $username = "AdminUser";
    $password = "AdminPass";
    // bind using admin username and password
    // could also use dn... ie. CN=Administrator,CN=Users,DC=TestDomain,DC=local
    $result = ldap_bind($ldap_conn, "$username@$ldap_domain", $password ) or die("&lt;br&gt;Error: Couldn't bind to server using supplied credentials!");
    if($result){
        return $ldap_conn;
    }else{
        die("&lt;br&gt;Error: Couldn't bind to server using supplied credentials!");
    }
}
</code></pre>
<p>Adding a New User to Active Directory</p>
<pre><code>function ldapAddUser($ldap_conn, $ou_dn, $firstName, $lastName, $username, $pwdtxt, $email){
    $dn = "CN=$firstName $lastName,".$ou_dn;

    ## Create Unicode password (quoted, each character followed by a NUL byte)
    $newPassword = "\"" . $pwdtxt . "\"";
    $len = strlen($newPassword);
    $newPassw = "";
    for($i=0;$i&lt;$len;$i++) {
        $newPassw .= "{$newPassword[$i]}\000";
    }

    $ldaprecord = array();
    $ldaprecord['cn'] = $firstName." ".$lastName;
    $ldaprecord['displayName'] = $firstName." ".$lastName;
    $ldaprecord['name'] = $firstName." ".$lastName;
    $ldaprecord['givenName'] = $firstName;
    $ldaprecord['sn'] = $lastName;
    $ldaprecord['mail'] = $email;
    $ldaprecord['objectclass'] = array("top","person","organizationalPerson","user");
    $ldaprecord["sAMAccountName"] = $username;
    //$ldaprecord["unicodepwd"] = $newPassw;
    $ldaprecord["UserAccountControl"] = "544";

    $r = ldap_add($ldap_conn, $dn, $ldaprecord);

    // set password .. not sure if I need to base64 encode or not
    $encodedPass = array('userpassword' =&gt; base64_encode($newPassw));
    //$encodedPass = array('unicodepwd' =&gt; $newPassw);

    echo "Change password ";
    if(ldap_mod_replace ($ldap_conn, $dn, $encodedPass)){
        echo "succeded";
    }else{
        echo "failed";
    }
}
</code></pre>
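<p>The attribute AD accepts for a password write is unicodePwd, holding the new password in double quotes as UTF-16LE, and the write only succeeds over an encrypted session. This added example (not code from the question) shows that encoding together with an LDAPS connection that verifies the DC certificate against the AD CS root instead of disabling verification; the host name, CA file path, user DN and sample password are assumptions, and the per-connection TLS options assume PHP 7.1 or later.</p>

```php
<?php
// Added example, not code from the question: encode a password for the
// unicodePwd attribute and write it over a verified LDAPS connection.
// Host name, CA file path, user DN and password below are assumptions.

// AD requires unicodePwd to be the new password wrapped in double quotes and
// encoded as UTF-16LE; the question's byte-widening loop only covers ASCII.
function encodeUnicodePwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

function ldapsConnect(string $host, string $bindUser, string $bindPassword)
{
    // Connect by the name on the DC certificate (e.g. TestBox.TestDomain.local);
    // connecting by IP address fails host-name verification.
    $conn = ldap_connect("ldaps://$host:636");
    if ($conn === false) {
        throw new RuntimeException("invalid LDAP URI for $host");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Trust the AD CS root that issued the DC certificate and demand a valid
    // chain (per-connection TLS options need PHP 7.1+; the path is assumed).
    ldap_set_option($conn, LDAP_OPT_X_TLS_CACERTFILE, 'C:\certs\testdomain-root-ca.pem');
    ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    if (!@ldap_bind($conn, $bindUser, $bindPassword)) {
        throw new RuntimeException('bind failed: ' . ldap_error($conn));
    }
    return $conn;
}

// Administrative reset: one replace of unicodePwd. It succeeds only when the
// session is encrypted and the bound account has Reset Password rights.
function resetAdPassword($conn, string $userDn, string $newPassword): bool
{
    $ok = ldap_mod_replace($conn, $userDn, ['unicodePwd' => encodeUnicodePwd($newPassword)]);
    if (!$ok) {
        // Typical causes: unencrypted session, password policy violation, missing rights.
        error_log('unicodePwd replace failed: ' . ldap_error($conn));
    }
    return $ok;
}

$conn = ldapsConnect('TestBox.TestDomain.local', 'AdminUser@testdomain.local', 'AdminPass');
resetAdPassword($conn, 'CN=Jane Doe,OU=Staff,DC=testdomain,DC=local', 'N3w-P@ssw0rd!');
ldap_unbind($conn);
```

<p>To let a user change their own password rather than have an admin reset it, send a delete of the old quoted UTF-16LE value and an add of the new one in a single ldap_modify_batch call instead of a replace.</p>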